This project enables the creation of TLS channels between SPIRS's enclave applications, which use ED25519 key pairs for TLS mutual authentication.
- mbedtls_eapp: patched version of Mbed-TLS used by enclave applications
- mbedtls_happ: patched version of Mbed-TLS used by host applications
- spirs_tee_sdk_A: directory with the demo of a TLS server developed starting from spirs_tee_sdk
- spirs_tee_sdk_B: directory with the demo of a TLS client developed starting from spirs_tee_sdk
- Clone and build the SPIRS repository. Then export its environment variables (source source.sh from the main directory)
- Clone this project
- Execute the script setup.sh
If you modify the Mbed-TLS versions used by the project, rebuild them by executing these commands from the corresponding main directory:
####################### only if you add new files #######################
$ rm -rf build/* && cd build
$ cmake -DCMAKE_TOOLCHAIN_FILE=../../riscv-toolchain.cmake ..
#####################################################################
$ cmake --build .
If you want to modify the applications, execute the script build_spirs_tee_sdk.sh to rebuild them and to generate the new image.
After the installation, you have to execute the following from two terminals (in this order):
- Terminal 1
$ cd <keystone-install-dir>/keystone/build
$ ./script/run-qemu.sh
# ./node_A.ke
- Terminal 2
$ cd <keystone-install-dir>/keystone/build
$ ./script/run-qemu-2.sh
# ./node_B.ke
The BOARD compile definition has been added to Client and Trusted Applications. You can write your code using this define to specify the implementation for QEMU or for the BOARD. For example:
#ifdef BOARD
// insert code for the board
#else
// the code for qemu
#endif
To build the spirs_tee_sdk for the board you have to run CMake with -DDEPLOY_MODE="board":
# in spirs_tee_sdk directory
mkdir build && cd build
cmake -DDEPLOY_MODE="board" ..
make
If you are using the scripts setup.sh or build_spirs_tee_sdk.sh, you can run them with the --board argument.